<?php
header ('Content-type: text/html; charset=utf-8');
define('DS', DIRECTORY_SEPARATOR);
defined('APP_PATH') ? null : define('APP_PATH', '..' . DS . 'application');

require_once (APP_PATH . DS . 'initialize.php');

//if (!$_SESSION['logged_in'])
//{
//    redirect_to("login.php");
//} 
?>
<?php
// Remember to give your form's submit tag a name="submit" attribute!
if (isset($_POST['submit'])) { // Form has been submitted.

	$old_password = trim($_POST['old_password']);
	$new_password = trim($_POST['new_password']);
	$confirm_new_password = trim($_POST['confirm_new_password']);
	
	if($old_password != "")
	{
		if($new_password != "")
		{
			if($new_password == $confirm_new_password){
				// Check database to see if username/password exist.
				$userObj = new User();
				$can_change = $userObj->change_password($new_password, $old_password);

				if ($can_change) {
					$message = ("Change password success.");
					redirect_to("index.php");
				} else {
					//Can not create new user.
					$message = ("<p style='color:red;'>*Current password is incorrect , please try again.</p>");
				}
			}else{
				//New password and Confirm new password is not match
				$message = ("<p style='color:red;'>*New password and Confirm new password is mismatch.</p>");
			}
		}else{
			//New password is empty.
			$message = ("<p style='color:red;'>*Please fill new password.</p>");
		}
	}else{
		//Old password is empty.
		$message = ("<p style='color:red;'>*Please fill current password.</p>");
	}

} else { // Form has not been submitted.
	$old_password = "";
	$new_password = "";
	$confirm_new_password = "";
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="author" content="snopeborn" />

<title>Change password</title>

<style>
table tr td{line-height:30px;}
</style>
</head>

<body>

<?php

//include_layout_template('admin_header.php');

?>
<div align="center" style='border:1px solid #4a007d; width:400px; margin-left:auto;margin-right:auto; margin-top:60px;padding:40px;'>

<h2>Change password</h2>
<?php echo output_message($message); ?>

<form action="change_password.php" method="post">
<table>
	<tr>
		<td>Current Password:</td>
		<td><input type="password" name="old_password" maxlength="30"
			value="<?php echo htmlentities($old_password); ?>" /><br/></td>
	</tr>
	<tr>
		<td>New Password:</td>
		<td><input type="password" name="new_password" maxlength="30"
			value="<?php echo htmlentities($new_password); ?>" /></td>
	</tr>
	<tr>
		<td>Confirm New Password:</td>
		<td><input type="password" name="confirm_new_password" maxlength="30"
			value="<?php echo htmlentities($confirm_new_password); ?>" /></td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" name="submit" value="Change password" style='padding:15px 40px; float:right; margin-top:6px'/></td>
	</tr>
</table>
</form>

<?php

//include_layout_template('admin_footer.php');

?>
</div>
</body>
</html>
